Strip post data and related headers upon mock 303 redirect

Bug: 838291 Change-Id: I591d86d2ca3a12c3975f84d0159c5fd55badc8a7 Reviewed-on: https://chromium-review.googlesource.com/c/1285753 Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#600936}

Strip post data and related headers upon mock 303 redirect
Bug: 838291 Change-Id: I591d86d2ca3a12c3975f84d0159c5fd55badc8a7 Reviewed-on: https://chromium-review.googlesource.com/c/1285753 Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#600936}
1f9439d0 · Andrey Kosyakov · Commit Bot · 49f7b5a7 · 1f9439d0 · 1f9439d0
Commit 1f9439d0 authored Oct 18, 2018 by Andrey Kosyakov Committed by Commit Bot Oct 18, 2018
3 changed files
--- a/content/browser/devtools/devtools_url_loader_interceptor.cc
+++ b/content/browser/devtools/devtools_url_loader_interceptor.cc
@@ -23,6 +23,7 @@
 #include "net/base/mime_sniffer.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/http/http_util.h"
+#include "net/url_request/redirect_util.h"
 #include "net/url_request/url_request.h"
 #include "services/network/public/cpp/resource_request_body.h"
 #include "third_party/blink/public/platform/resource_request_blocked_reason.h"
@@ -1286,6 +1287,14 @@ void InterceptionJob::FollowRedirect(

  network::ResourceRequest* request = &create_loader_params_->request;
  const net::RedirectInfo& info = *response_metadata_->redirect_info;
+
+  bool clear_body = false;
+  net::RedirectUtil::UpdateHttpRequest(
+      request->url, request->method, info,
+      base::nullopt /* modified_request_headers */, &request->headers,
+      &clear_body);
+  if (clear_body)
+    request->request_body = nullptr;
  request->method = info.new_method;
  request->url = info.new_url;
  request->site_for_cookies = info.new_site_for_cookies;

--- a/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/interception-redirect-303-clears-post-data-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/interception-redirect-303-clears-post-data-expected.txt
+Test to ensure devtools clears post data after getting HTTP 303 through interception response.
+
+Got request: POST http://127.0.0.1:8000/my-path
+Post Data: foo=bar
+Origin: http://127.0.0.1:8000
+Content-Type: application/x-www-form-urlencoded
+Got request: GET http://127.0.0.1:8000/devtools/resources/empty.html
+Origin: undefined
+Content-Type: undefined
+
--- a/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/interception-redirect-303-clears-post-data.js
+++ b/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/interception-redirect-303-clears-post-data.js
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+(async function(testRunner) {
+  var {page, session, dp} = await testRunner.startBlank(`Test to ensure devtools clears post data after getting HTTP 303 through interception response.\n`);
+
+  dp.Network.enable();
+  dp.Page.enable();
+
+  dp.Network.setRequestInterception({patterns: [{}]});
+
+  dp.Runtime.evaluate({expression: `
+    document.body.innerHTML = '<form id="form" method="post" action="/my-path"><input type="text" name="foo" value="bar" /></form>';
+    var form = document.getElementById('form');
+    form.submit();
+  `});
+
+  dp.Network.onRequestIntercepted(event => {
+    const request = event.params.request;
+    testRunner.log(`Got request: ${request.method} ${request.url}`);
+    if (request.postData)
+      testRunner.log("Post Data: " + request.postData);
+    for (const header of ["Origin", "Content-Type"]) {
+      testRunner.log(`${header}: ${request.headers[header]}`);
+    }
+  });
+  let params = (await dp.Network.onceRequestIntercepted()).params;
+  const response = "HTTP/1.1 303 See other\r\n" +
+      "Location: http://127.0.0.1:8000/devtools/resources/empty.html\r\n\r\n";
+  dp.Network.continueInterceptedRequest({interceptionId: params.interceptionId, rawResponse: btoa(response)});
+  params = (await dp.Network.onceRequestIntercepted()).params;
+  dp.Network.continueInterceptedRequest({interceptionId: params.interceptionId});
+  dp.Page.onLoadEventFired(() => testRunner.completeTest());
+});
\ No newline at end of file